2 Crest Jobs

We are looking for a skilled and motivated Penetration Tester to join our DART (Detection and Response Team) and help deliver high-impact Penetration Testing as a Service (PTaaS) engagements to our global clients. This is a hands-on role focused on continuous testing, real-world simulations, and providing actionable insights using industry-leading tools like Metasploit Pro and CIS-CAT Pro. Youll be part of a CREST-aligned team helping financial institutions, government bodies, and mid-market clients secure their infrastructure, web applications, cloud platforms, and internal networks. Key Responsibilities Perform internal and external network penetration testing Conduct web application and API testing using OWASP and custom test cases Simulate real-world attack vectors including privilege escalation and lateral movement Execute configuration audits using CIS-CAT Pro for hardening validation Design and run automated and manual exploit campaigns using Metasploit Pro Prepare detailed reports with technical findings, business risk, and remediation guidance Participate in client scoping sessions and debriefs Collaborate with the development and infrastructure teams to validate remediations Contribute to continuous improvements of our PTaaS platform and methodology What Were Looking For 36 years in penetration testing, red teaming, or offensive security Strong knowledge of security testing methodologies (OWASP, PTES, MITRE ATT&CK) Hands-on experience with Metasploit Pro, Burp Suite, CIS-CAT Pro, or similar tools Certifications preferred : OSCP, CREST CRT, CRTO, or equivalent Preferred candidate profile Familiarity with cloud security (Azure, AWS, M365) and Active Directory attacks Strong report writing and client communication skills

Following are the details: ANZEN Technologies Private Limited stands as an unparalleled powerhouse, empowering organizations across industries with our visionary services, cutting-edge solutions, and ground-breaking services in the realm of Cyber Security, IT Governance, Risk Management, and Compliance. As your trusted partner, we offer a comprehensive suite of End-to-End security services and consultancy, tailored to safeguard critical infrastructure installations, elevate the standards of BFSI, eCommerce, IT/ITES, Pharmaceuticals, and an array of other sectors. Job Summary: We are seeking a skilled and passionate Red Team Security Consultant to join our cybersecurity team. The ideal candidate will specialize in simulating adversarial tactics, techniques, and procedures (TTPs) to identify vulnerabilities and improve the organization's security posture. This role involves performing advanced penetration tests, simulating real-world attacks, and working with teams to implement effective remediation strategies. Key Responsibilities: Plan, execute, and document Red Team exercises mimicking advanced threat actors for medium to large enterprises. Conduct network penetration testing (VAPT), system vulnerability assessments, and security configuration reviews. Perform manual security assessments for web applications, APIs, and client-server applications. Simulate sophisticated attack chains including lateral movement, privilege escalation, and data exfiltration. Develop and execute custom attack payloads using tools and scripts. Assess physical security controls and implement social engineering assessments when required. Create and maintain custom tools/scripts in languages like Python, Bash, or PowerShell. Utilize and adapt adversary emulation frameworks such as MITRE ATT&CK, Cobalt Strike, and Metasploit. Collaborate with Blue Teams to improve detection and response mechanisms through Purple Team engagements. Execute full-scope Red Team engagements, including phishing, social engineering, and network penetration. Simulate advanced hacking techniques and replicate adversary tactics to uncover security weaknesses. Develop, extend, or modify exploits, shellcode, or tools to simulate sophisticated attacks. Perform reverse engineering of malware (advantageous but not mandatory). Write clear and actionable reports outlining vulnerabilities, exploitation techniques, and remediation strategies. Stay updated on the latest cyber threats, attack methods, and emerging technologies. Qualification: BE/B. Tech/ MCA/ M. Sc. (IT/Computers) Skills : Excellent communication and collaboration skills. Red Teaming, VAPT, Application Security (Web/Mobile/API), Red Teaming and Application Security domains. Proficient in Application Security concepts, including OWASP Top 10 and OSSTMM. Experience with vulnerability scanning tools such as Burp Suite Pro, Nessus, OWASP ZAP, Kali Linux, Cobalt Strike, Caldera etc. Basic ability to write automation scripts (Bash or Python). Understanding of threat modelling and secure coding practices. Strong understanding of TTPs, threat modelling, and secure coding practices. Hands-on experience in Active Directory exploitation, phishing campaigns, and endpoint bypass techniques. Preferred Certificates : OSCP, CRTP, eWPTX, Security+, CREST, CRTO Job Location : Mumbai/Navi Mumbai Job Mode : Work from Office Need an immediate Joiner who may join by 15th June, 2025